Security Vulnerabilities
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-26
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-26
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-26
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-26
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-26
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-26
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2025-11-26
Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is generated using `ThreadLocalRandom`,
which is not a crypto-graphically secure random number generator. This
may allow an attacker to predict or brute force the secret used to sign
authentication cookies, potentially enabling token forgery or
authentication bypass. Additionally, each process generates its own
fallback secret, resulting in inconsistent secrets across nodes. This
causes authentication failures in distributed or multi-broker
deployments, effectively leading to a incorrectly configured clusters. Users are
advised to configure a strong `druid.auth.authenticator.kerberos.cookieSignatureSecret`
This issue affects Apache Druid: through 34.0.0.
Users are recommended to upgrade to version 35.0.0, which fixes the issue making it mandatory to set `druid.auth.authenticator.kerberos.cookieSignatureSecret` when using the Kerberos authenticator. Services will fail to come up if the secret is not set.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-26